Le dimanche 16 décembre 2007 à 13:32 +0100, Julien Valroff a écrit : > Hi, > > Le mercredi 06 décembre 2006 à 11:18 -0500, Daniel Kahn Gillmor a > écrit : > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > At 2006-12-04 23:21, [EMAIL PROTECTED] said: > > > > > When receiving mail with X-DSPAM headers already present, > > > local dspam adds its own to the bottom. > > > > I just confirmed this: dspam does not replace already-present X-DSPAM > > headers on a functioning dspam 3.6.8 installation for me either. > > > > > This could be used by spammers to trick people filtering on Result: > > > Innocent > > > > Yup. That's a problem. As a general principle, I'd suggest that it's > > better to filter based on the presence of any non-Innocent results (as > > opposed to the lack of an Innocent result), but the difference is a > > subtle one, and your scenario is probably not uncommon. > > > > > But it also prevents error learning as the provided signature > > > is not found in the local database (and dspam quits on the > > > first signature found). It's quite a problem for resent > > > messages (mutt's bounce). > > > > This is a good point, and a potentially serious problem for dspam. > > > > > I see no reason to keep externally generated X-DSPAM headers, > > > but would suggest to overwrite them with the local data. > > > > I tend to agree that this is the right solution. Would someone with > > more experience with MTAs care to weigh in on whether replacing > > received headers is a legitimate thing to do? > > I must say I am not an experienced sysadmin, but I thought I could share > my knowledge. Using postfix as MTA, I simply IGNORE the previous X-DSPAM > headers: > /^(X-DSPAM-.*)/ IGNORE > as an header check rule. > > You also have to set "nested_header_checks=" in your main.cf file so > that postfix doesn’t delete the X-DSPAM-* headers in the attached > messages. Without this line, the signatures cannot be retrieved from the > nested message. > > I hope this can help.
Also see this discussion I had launched on a dspam mailing list: http://comments.gmane.org/gmane.mail.spam.dspam.devel/2597 Cheers, Julien
